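$log->debug("Access level is set to: " . gettype($_SESSION['accessLevel']));
} else {
    $log->debug("Session is started but nothing is set for the print opertion.");
}

// Permission flags default to "denied". Without these, a page that skips
// validation ($validateUser false) or fails the approval-view check would
// leave the flags undefined, and later `if ($approvalEdit)` style tests would
// rely on an undefined-variable notice evaluating to false.
$spotNotesView = false;
$spotNotesEdit = false;
$approvalView  = false;
$approvalEdit  = false;
$downloadLink  = false;

// Login and minimal privilege check for logged-in users. validateUser()
// terminates the request on every denial path, so everything below it
// runs only for an authenticated, section-authorised user.
if ($validateUser) {
    validateUser($site_prefix, $pageUrl, $siteSection, $onSpotView, $OnSpotPluginToValidate);

    // Notes: "view" is the historical note list of previous commenters,
    // "edit" allows adding notes.
    $spotNotesView = canViewOrEdit($_SESSION['accessLevel'], $siteSection, $onSpotNotesView);
    $spotNotesEdit = canViewOrEdit($_SESSION['accessLevel'], $siteSection, $onSpotNotesEdit);

    // Approval edit is only evaluated when the user may view approvals at all.
    $approvalView = canViewOrEdit($_SESSION['accessLevel'], $siteSection, $onSpotApprovalView);
    if ($approvalView) {
        $approvalEdit = canViewOrEdit($_SESSION['accessLevel'], $siteSection, $onSpotApprovalEdit);
    }

    // Whether the video download link is shown below the actual video.
    $downloadLink = canViewOrEdit($_SESSION['accessLevel'], $siteSection, $onSpotVideoDownload);
}

// Load the FileMaker record access layer.
// NOTE(review): $fmfiles is not defined in this span; it is assumed to be a
// configured base path, never request-derived — confirm at its definition.
include_once $fmfiles . "work.db.php";

// Formats for dates and times. TODO remove these if the code is not used.
$displayDateFormat     = '%m/%d/%Y';
$displayTimeFormat     = '%I:%M:%S %P';
$displayDateTimeFormat = '%m/%d/%Y %I:%M:%S %P';
$submitDateOrder       = 'mdy';

// 1. First get the spot viewer records.
$spotViewerLayout = "[WEB] cwp_spotviewer_browse";
$userNotesLayout  = "[WEB] UserNotes";

$log->debug("All permissions setup now open layout search for document by PK");

// Exact-match find on the primary key.
// NOTE(review): $pkId's origin is outside this span. FileMaker find criteria
// interpret operator characters in the value, so confirm $pkId is validated
// (e.g. restricted to the key's expected format) before it reaches this call.
$spot = $fmWorkDB->newFindCommand($spotViewerLayout);
$spot->addFindCriterion('__pk_ID', '==' . $pkId);

$log->debug("We have the PK, DB access handle and now execute");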
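/**
 * Gate a page behind a logged-in session, an inactivity timeout, a plugin
 * licence check and (for the "View" section) a section-level privilege.
 *
 * Every denial path ends in a redirect or an error page followed by exit,
 * so when this function returns the caller may treat the user as authorised.
 *
 * @param string $site_prefix      URL prefix prepended to login.php for redirects
 * @param string $fullUrl          URL-encoded URL of the requested page; stored so
 *                                 login.php can forward the user back after login
 * @param string $siteSection      site section name; only "View" is privilege-checked here
 * @param mixed  $viewCheck        privilege passed through to canViewOrEdit() for "View"
 * @param mixed  $pluginToValidate plugin licence passed through to validatePlugin()
 * @return void
 */
function validateUser($site_prefix, $fullUrl, $siteSection, $viewCheck, $pluginToValidate)
{
    global $log;

    // Inactivity limit in seconds (2 hours). It is only evaluated on page
    // load, so a dormant session is expired on the next request, not by a timer.
    $sessionTimeoutMax = 7200;

    $log->debug("validateUser() - method called for section: " . $siteSection);

    // session_status() reports whether a session is really active, which
    // session_id() does not reliably do once a session has been destroyed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $pageUrl = urldecode($fullUrl);

    // Inactivity timeout: discard the session, remember the requested page
    // in a fresh session and send the user back to login.
    if (isset($_SESSION['LAST_ACTIVITY']) && time() - $_SESSION['LAST_ACTIVITY'] > $sessionTimeoutMax) {
        $userName = isset($_SESSION['userName']) ? $_SESSION['userName'] : 'unknown';
        $log->debug("Session timed out Username: " . $userName);
        $errorMsg = "You have been logged out due to inactivity. Please login.";

        session_unset();
        session_destroy();
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }

        // NOTE(review): login.php is expected to verify forwardingUrl stays
        // on this site before redirecting to it — not visible from here.
        $_SESSION['forwardingUrl'] = $pageUrl;
        // The message is a query-string value, so it must be URL-encoded.
        header("location: " . $site_prefix . "login.php?error=" . urlencode($errorMsg));
        exit;
    }

    // Authentication: the flag must be present AND truthy, so a falsy
    // leftover value can never pass as "logged in".
    if (empty($_SESSION['authenticated'])) {
        $log->debug("user is not authenticated for page: " . $pageUrl);

        $indexPage = "index.php";
        $phpSuffix = "php";
        // Only a .php page other than index.php is worth forwarding back to
        // after login. strpos() is compared with false explicitly: a match at
        // offset 0 is still a match, which a bare "!strpos(...)" would miss.
        $isPhpPage   = strpos($pageUrl, $phpSuffix) !== false;
        $isIndexPage = strpos($pageUrl, $indexPage) !== false;

        if (!$isPhpPage || $isIndexPage) {
            header("location: " . $site_prefix . "login.php");
            exit;
        }

        $_SESSION['forwardingUrl'] = $pageUrl;
        $errorMsg = "User must be logged in to access the site";
        header("location: " . $site_prefix . "login.php?error=" . urlencode($errorMsg));
        exit;
    }

    // Plugin licence check. Deliberately placed after authentication so the
    // session fields it reads are populated; if the user has not licensed the
    // plugin, validatePlugin() is expected to redirect to the error page.
    validatePlugin($_SESSION['userName'], $_SESSION['installedPlugins'], $pluginToValidate);

    // No access level at all: deny. The explicit exit keeps this fail-closed
    // even if processError() should ever return instead of terminating.
    if (empty($_SESSION['accessLevel'])) {
        $log->debug("validateUser() - user access level is set to null/empty send that user to error page");
        $errorMessage = "You do not have the necessary access rights in " . strtoupper($siteSection);
        $messageTitle = "Access Denied";
        processError($errorMessage, "N/A", "user_validate.php", "N/A", $messageTitle);
        exit;
    }

    // Section privilege check. This is specific to OnSpot/OnSpotView.
    // TODO privileges for the Request side of the site are not decided here;
    // for now the canViewOrEdit() calls on the page control that.
    if ($siteSection === "View") {
        $log->debug("Validate user can View or edit spot viewer");
        if (!canViewOrEdit($_SESSION['accessLevel'], $siteSection, $viewCheck)) {
            $log->debug("User does not have access privilege to the site section: " . $siteSection . " Username: " . $_SESSION['userName']);
            $errorMessage = "You do not have the necessary access rights in " . strtoupper($siteSection);
            $messageTitle = "Access Denied";
            processError($errorMessage, "N/A", "user_validate.php", "N/A", $messageTitle);
            exit;
        }
    }

    // Refresh the activity timestamp for each page visited. A session dormant
    // for longer than $sessionTimeoutMax is caught by the timeout test above,
    // before this reset can run.
    resetSessionTimeout();

    $log->debug("User is fully validated so redirect to page URL: " . $pageUrl);
}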